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DETAILED ACTION 

The Examiner would like to note that the present application has been reassigned to a 
new Examiner. 

This Office action is in response to Applicant's amendment and request for 
reconsideration filed on February 01, 2007. 
Claims 1-27 are pending. 

Response to Arguments 

Applicant's arguments filed February 01, 2007, have been fully considered but they are 
not persuasive. 

In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies (i.e., 
"temporarily assigning higher access rights to a remote user to allow the remote user to 
execute one or more programs on the end user device') are not recited in the rejected 
claim(s). Although the claims are interpreted in light of the specification, limitations from 
the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 
USPQ2d 1057 (Fed. Cir. 1993). 

In response to the applicant's arguments that Chapman does not teach "assinging an 
elavated access right to a remote user identifier and a limited access right to an end 
user identifier, the limited access right operable to prevent access to the utility at the 
end user device", the examiner respectfully disagrees. 



► 
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Chapman describer a plurality of terminals 12, 14, 16 in a computer network having 
accessing to an active Unix system 2 (wherein the active Unix system is read as the 
end user device having a utility program, see Fig. 1, and col. 5, lines 18-30). 
Furthermore, Chapman teaches [at least] two types of user [operating on the plurality of 
terminals 12, 14, 16] with access to the Unix system 2, a "super user" (read as a user 
having an elevated access right) and a "normal user" (see col. 3, lines 66-col. 4, line 9). 
Once a remote user logs into the Unix system 2, the user's identity is verified through a 
typical Unix logon sequence (see col. 5, line 10-col. 6, line 6) and the Unix system 
establishes the user's credentials (read as assigning access privileges), which are 
stored in a user database and define the user's accountability and access rights (read 
as "normal user" access rights or "super user" access rights, see col. 5, lines 30-42). 
Furthermore, once the user's credentials have been established, Chapman then 
teaches that only the users that are assigned "super user" privileged are able to gain 
access to the control program (read as the utility at the end user device) running on the 
Unix system 2 (see col. 3, line 66-col. 4, line 9 and col. 6, lines 20-29, In Unix terms the 
privileged user must have superuser authority having a unique user identification 
number 33 of zero", read as the limited access right operable to prevent access to the 
utility at the end user device). 

In response to the applicant's arguments that Chapman does not teach launching the 

* 

administrative tool according to the elevated access right while the end user identifier 
retains the limited access right to the end user device ", the examiner respectfully 
disagrees, see col. 6, lines 7-55, wherein the user having "super user" privileges 



♦ 

r 
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accesses the control program, and issues a command warning other users [currently 
accessing the Unix system 2] (read as "normal users") of an impending access 
restriction. Thus, for at least a temporary "grace" period, the "super user", having access 
to the control program, and the "normal users" both have access to the Unix system 2, 
according to their respective access privileges. 

■ 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 

« 

the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
' States. 

Claims 1-7, 9-12, 13-19, and 21-27 are rejected under 35 U.S.C. 102(b) as being 
anticipated by US Patent 5774650 to Chapman et al. (hereinafter Chapman). 

As per claim 1 and 25 Chapman discloses a method for using a utility (see access 
control program - Chapman column 6 lines 13-19; the program allows a permitted user 
to make administrative configuration changes) at an end user device (see systems 
2,4,6,8 - Chapman column 3 lines 20-22; the utility resides in the systems), comprising: 
assigning an elevated access right (see privilege user - Chapman column 4 lines 1-4, 
and establishing credentials upon login, see coL 5, lines 30-42) to a remote user 
identifier (see remote - Chapman column 3 lines 39-43, and user identity ["username"], 
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see col. 5, lines 30-42, also see user number zero - Chapman column 4 lines 39-40; 
user with the identifier zero refers to having an elevated access) and a limited access 
right to an end user identifier (see normal user - Chapman column 4 lines 1-4 and col. 

* 

5, lines 30-42), the limited access right operable to prevent access to the utility at the 
end user device (see col. 6, lines 24-29); Accessing the utility at the end user device 
using the remote user identifier (access control program, see column 6 lines 20-24), the 
utility operable to allow the remote user identifier (see provide for privilege user - 
Chapman column 4 lines 4-6); to select an administrative tool at the end user device 
(see command line - Chapman column 6 lines 13-19; command line is the 
administrative tool used by a user with proper access rights to change or configure the 
end user system, also see "command line arguments" col. 6, lines 29-40) Launching the 
administrative tool according to the elevated access right while maintaining the limited 
access right of the end user identifier (see col. 6, lines 7-55, wherein the user having 
"super user" privileges accesses the control program, and issues a command warning 
other users [currently accessing the Unix system 2] (read as "normal users") of an 
impending access restriction. Thus, for at least a temporary "grace" period, the "super 
user", having access to the control program, and the "normal users" both have access 
to the Unix system 2, according to their respective access privileges); and performing at 
least one administrative task at the end user device using the administrative tool (see 
col. 6, lines 54-col. 7, lines 31). 
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As per claims 2 and 14 Chapman discloses, wherein assigning an elevated access right 
(see privilege user - Chapman column 4 lines 1-4) to a remote user identifier and a 
limited access right to an end user identifier further comprises: setting up at a network 
directory a remote user profile for the remote user identifier, the remote user profile 
associating the remote user identifier with the elevated access right (see Figure 2 and 
user account file - Chapman column 4 lines 23-26; also see super user denoted by user 
number zero - Chapman column 4 line 39-40); and setting up at the network directory 
an end user profile, the end user profile associating the end user identifier with the 
limited access right (see Figure 2 and user account file - Chapman column 4 lines 23- 
26; also see create definition -Chapman line 56-57; the definition corresponds to the 

■ * 

user name in the user account profile, and based on this the user has limited access 
right since the definition states the unauthorized users). . 

As per claim 3 and 15 Chapman discloses, wherein accessing the utility at the end user 
device using the remote user identifier further comprises receiving the remote user 
identifier (see login - Chapman column 5 lines 22-28; the username that is typed in is 
the remote user identifier); authenticating the remote user identifier using a network 
directory, the network directory comprising a profile associating the remote user 
identifier with the elevated access right (see authenticating and access rights - see 
Chapman column 5 lines 30-41; note that the account details is obtained from the user 
account file shown in figure 2); and granting access to the utility using the elevated 
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access right (see invoke access control program and check that user is privilege to do 
so - Chapman column 6 lines 20-25). 

As per claims 4,10,16 and 22 Chapman discloses, establishing a remote connection 
using a remote control module at a remote user device (see session can be opened 
with the remote system 2 using protocol - Chapman column 5 lines 18-22). 

♦ 

As per claims 5,11, 17 and 23 Chapman discloses, detecting a break in the remote 
Connection (see logging off - see Chapman column 7 lines 14-17; logging off breaks 
remote connection); and closing at least one process (see terminating all processes - 
Chapman column 7 lines 16-17), the at least one process corresponding to the 
administrative tool used to perform the administrative task (see exit access control 
program - Chapman column 7 lines 28-30). 

As per claims 6,12,18 and 24 as best understood, Chapman discloses, wherein the 
remote user identifier is associated with the remote user device (see superuser - 
Chapman column 4 lines 39-40), the remote user device (see Chapman figure 1 block 
12) located at a separate location (see other remote terminals - Chapman column 3 
lines 39-43; note that the terminals are stated as remote therefore separate from the 
RISC System which corresponds to figure 1 block 2) from the end user device (see 
Chapman figure 1 block 2). 



* 

t 
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As per claims 7 and 19 Chapman discloses, wherein the administrative task comprises 
operations that affect the settings of the end user device (command line arguments 
supplied - Chapman column 6 lines 29-36; the command line arguments are the 
administrative tasks that will affect settings at the end user device, which includes 
restricting access). 

As per claims 9, 21 and 26, Chapman discloses a method and software of elevating an 
access right at an end user device comprising: receiving an authentication message 
from a network in response to a login request from a remote user identifier (see 
authenticating and access rights - see Chapman column 5 lines 30-41; note that the 
account details is obtained from the user account file shown in figure 2), the 
authentication message operable to inform if the remote user identifier is associated 
with an elevated access right, the elevated access right operable to allow access to an 
administrative tool at the end user device (see invoke access control program and 
check that user is privilege to do so - Chapman column 6 lines 20-25); generating an 
elevated access layer using the elevated access right, the elevated access layer 
operable to: initiate an administrative tool at the end user device (see invoke access 
control program and check that user is privilege to do so - Chapman column 6 lines 20- 
25); and elevate the access right of the remote user identifier according to the elevated 
access right (see privilege user - Chapman column 4 lines 1-4); launching the 
administrative tool using the elevated access layer (see entering command - Chapman 
column 6 lines 20-22); and processing at least one administrative task at the end user 



* 
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device using the administrative tool while the end user identifier retains the limited 
access right to the end user device (see coL 6, lines 7-55, wherein the user having 
"super user" privileges accesses the control program, and issues a command warning 
other users [currently accessing the Unix system 2] (read as "normal users") of an 
impending access restriction. Thus; for at least a temporary "grace" period, the "super 
user", having access to the control program, and the "normal users" both have access 
to the Unix system 2, according to their respective access privileges); the limited access 
right operable to prevent access to the administrative tool at the end user device (see 
col. 3, line 66-col. 4, line 9 and col. 6, lines 20-29, "In Unix terms the privileged user 

4 

must have su peruser authority having a unique user identification number 33 of zero'). 

As per claim 13, Chapman discloses, a system for elevating access rights of a remote 
user, comprising: a network directory operable to assign an elevated access right to a 
remote user identifier and a limited access right to an end user identifier (see Figure 2 
and user account file - Chapman column 4 lines 23-26; also see super user denoted by 
user number zero - Chapman column 4 line 39-40); a utility stored (access control 
program - Chapman column 4 lines 2-4) at an end user device and operable to: launch 
the administrative tool according to the elevated access right while the end user 
identifier retains the limited access rights to the end user ( (see col. 6, lines 7-55, 
wherein the user having "super user" privileges accesses the control program, and 
issues a command warning other users [currently accessing the Unix system 2] (read as 

■ 

"normal users") of an impending access restriction. Thus, for at least a temporary 
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"grace" period, the "super user", having access to the control program, and the "normal 
users" both have access to the Unix system 2, according to their respective access 
privileges), the limited access right operable to prevent access to the utility at an end 
user device (see col. 3, line 66-col. 4, line 9 and col. 6, lines 20-29, "In Unix terms the 
privileged user must have superuser authority having a unique user identification 
number 33 of zero') and perform at least one administrative task at the end user device 

■ 

using the administrative tool (see col. 6, lines 54-coL 7, lines 31); and a remote (see 
remote - Chapman column 3 lines 39-43) user device (see Chapman figure 1 block 12 ) 
operable to access the utility at the end user (access control program - Chapman 
column 4 lines 2-4) device using the remote user identifier (see provide for privilege 
user - Chapman column 4 lines 4-6) in order to perform the at least one administrative 
task at the end user device (see col. 6, lines 54-col. 7, lines 31). 

As per claim 27, Chapman discloses, a method of elevating an access right at an end 
user device, comprising: receiving an authentication message from a network in 
response to a login request from a remote user identifier (see authenticating and access 
rights - see Chapman column 5 lines 30-41 ; note that the account details is obtained 
from the user account file shown in figure 2), the authentication message operable to 
inform if the remote user identifier is associated with an elevated access right, the 
elevated access right operable to allow access to an administrative tool at the end user 
device, (see invoke access control program and check that user is privilege to do so - 
Chapman column 6 lines 20-25). the remote user identifier associated with a remote 



» 

» 

* 
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user device (see superuser - Chapman column 4 lines 39-40), the remote user device 
(see Chapman figure 1 block 12) being at a separate location from the end user device 
(see Chapman figure 1 block 2); generating an elevated access layer using the elevated 
access right, the elevated access layer operable to: initiate an administrative tool at the 
end user device (see invoke access control program and check that user is privilege to 
do so - Chapman column 6 lines 20-25); and elevate the access right of the remote 
user identifier according to the elevated access right (see privilege user - Chapman 
column 4 lines 1-4); launching the administrative tool using the elevated access layer, 
while the end user identifier retains the limited access rights to the end user device (see 
col. 6, lines 7-55, wherein the user having "super user" privileges accesses the control 
program, and issues a command warning other users [currently accessing the Unix 
system 2] (read as "normal users") of an impending access restriction. Thus, for at least 
a temporary "grace" period, the "super user", having access to the control program, and 
the "normal users" both have access to the Unix system 2, according to their respective 

r . 

access privileges); and processing at least one administrative task at the end user 
device using the administrative tool while maintaining an end user identifier logged into 
the network with a limited access right (see col. 6, lines 7-55, wherein the user having 
"super user" privileges accesses the control program, and issues a command warning 
(read as a administrative task) to other users [currently accessing the Unix system 2] 
(read as "normal users") of an impending access restriction. Thus, for at least a 
temporary "grace" period, the "super user", having access to the control program, and 
the "normal users" both have access to the Unix system 2, according to their respective 



* 
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access privileges), the limited access right operable to prevent access to the 
administrative tool at the end user device (see col. 3, line 66-col. 4, line 9 and col. 6, 

♦ 

lines 20-29, "In Unix terms the privileged user must have superuser authority having a 
unique user identification number 33 ofzero')\ detecting a remote connection from the 
remote user device, the remote connection operable to access the end user device 
using a remote control module at the remote user device (see session can be opened 
with the remote system 2 using protocol - Chapman column 5 lines 18-22); and 
discontinuing (see logging off - see Chapman column 7 lines 14-17; logging off breaks 
remote connection) at least one process (see terminating all processes - Chapman 
column 7 lines 16-17), associated with the administrative tool upon detecting a break in 
the remote connection (see exit access control program - Chapman column 7 lines 28- 
30). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by th.e manner in which the invention was made. 

Claims 8 and 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent 5774650 to Chapman et al, (hereinafter Chapman) in view of US Patent 
6289378 to Meyer et al (hereinafter Meyer). 
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As per claim 8 and 20, Chapman discloses all the limitations of parent claims 1 and 13 
from which claims 8 and 20 depend, respectively (see above 102 rejections for claim 1 
and 13). 

Chapman does not disclose expressly wherein the end user device comprises an 

■ 

operating system selected from a group consisting of WINDOWS XP and WINDOWS 

2000. 

The concept of using Windows as operating system is well known in the art as 
illustrated by Meyer which teaches an end user device comprises an operating system 
selected from a group consisting of WINDOWS XP and WINDOWS 2000 (see Windows 
column 4 lines 61-64). 

Meyer and Chapman are analogous art because both have a similar problem solving 
area, which is to restrict access to users based on the definitions of authorized users. At 
the time of the invention, it would have been obvious to a person of ordinary skill in the 
art to modify the system of Chapman with a user device comprises an operating system 
selected from a group consisting of windows such as disclosed by Meyer et al. The 
motivation is to provide a platform independent system so as to incorporate comparable 
devices that are widely used, such as a device that runs on the Windows environment. 

Conclusion 

ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1 . 1 36(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brendan Y. Higa whose telephone number is (571)272- 
5823. The examiner can normally be reached on M-F 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenton Burgess can be reached on (571)272-3949. The fax phone number 

■ 

for the organization where this application or proceeding is assigned is 571-273-8300. 
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■ 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

» 

you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at.866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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